North Korean hackers have been accused of stealing sensitive data from South Korean defense companies, including information on advanced anti-aircraft weapons systems. The group, known as Andariel, reportedly stole 1.2 terabytes of data and extorted over $350,000 in ransom from various organizations.
The Seoul Metropolitan Police Agency, in a joint investigation with the Federal Bureau of Investigation (FBI), revealed that Andariel used rented servers in South Korea to launch their attacks. They targeted defense companies, research institutes, and pharmaceutical firms, stealing confidential information and causing “a decline in corporate trust.”
Andariel stole 1.2 terabytes of data from South Korean organizations. The group extorted 470 million won (approximately $357,000) in Bitcoin from victims. Andariel is believed to be linked to the Lazarus Group, a North Korean intelligence agency. The group used custom-built malware and ransomware to target organizations worldwide. Andariel laundered stolen funds through cryptocurrency exchanges and transferred them to China.
South Korean police have seized servers and virtual asset exchanges used by the group.
Police Advise Organizations to Strengthen Cybersecurity:
The Seoul Metropolitan Police Agency advised organizations to take steps to protect themselves from cyberattacks. These include:
- Checking for security vulnerabilities
- Updating security software to the latest version
- Encrypting important data
- Implementing strong password policies
- Providing cybersecurity awareness training to employees
The investigation into Andariel’s activities is ongoing. Police are working with international partners to identify and apprehend those involved in the attacks. They are also urging organizations to come forward if they believe they have been targeted by the group.
This incident highlights the growing threat of cyberattacks from North Korea. Organizations need to take steps to improve their cybersecurity posture in order to protect themselves from these attacks.